Re: [v3 PATCH] crypto: lzo - Fix compression buffer overrun
From: David Sterba
Date: Fri Feb 28 2025 - 08:21:24 EST
On Thu, Feb 27, 2025 at 05:04:46PM +0800, Herbert Xu wrote:
> Unlike the decompression code, the compression code in LZO never
> checked for output overruns. It instead assumes that the caller
> always provides enough buffer space, disregarding the buffer length
> provided by the caller.
>
> Add a safe compression interface that checks for the end of buffer
> before each write. Use the safe interface in crypto/lzo.
>
> Signed-off-by: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Thanks.
Reviewed-by: David Sterba <dsterba@xxxxxxxx>